/*
 * Copyright (c) 2015, 2017 Oracle and/or its affiliates. All rights reserved.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v. 2.0, which is available at
 * http://www.eclipse.org/legal/epl-2.0.
 *
 * This Source Code may also be made available under the following Secondary
 * Licenses when the conditions for such availability set forth in the
 * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
 * version 2 with the GNU Classpath Exception, which is available at
 * https://www.gnu.org/software/classpath/license.html.
 *
 * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
 */

package com.sun.messaging.jmq.util.io;

import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;

/**
 * A Filtering ObjectInputStream wrapper to provide automatic black list filtering using <code>ClassFilter</code>
 *
 * example : ObjectInputStream ois = new FilteringObjectInputStream(yourInputStream);
 *
 */
public class FilteringObjectInputStream extends ObjectInputStream {

    public FilteringObjectInputStream(InputStream in) throws IOException {
        super(in);
    }

    @Override
    protected Class<?> resolveClass(java.io.ObjectStreamClass descriptor) throws ClassNotFoundException, IOException {
        String className = descriptor.getName();
        if (className != null && className.length() > 0 && ClassFilter.isBlackListed(className)) {

            throw new InvalidClassException("Unauthorized deserialization attempt", descriptor.getName());
        }
        return super.resolveClass(descriptor);
    }
}
